From the Field – Real-World Findings from Security Assessments
🔥 47.6% of infrastructures I've assessed use weak or shared local administrator passwords
It's shocking how common this is:
🔸 One password for every server and client
🔸 Sometimes two ("servers" vs "workstations")
🔸 Almost always short, simple passwords (≤8 chars)
This is a disaster waiting to happen. Once an attacker cracks that single password, every system is theirs.
The fix is free – Microsoft Local Administrator Password Solution (LAPS):
Legacy LAPS (pre-WS2019 & Win10)
🔹 Easy to use, rotates local admin passwords, stores them in AD.
New LAPS (built into Win10 & 11 & WS2019+)
🔹 Faster, simpler, more features:
✅ Stronger, more readable passphrases
✅ Password encryption (not just ACL protection)
✅ Post-authentication actions (triggered when a LAPS password is used)
If you need more than Windows coverage, commercial options extend password management across platforms.
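The quickest way to measure the finding above in your own domain is to read the attributes LAPS writes to each computer object. The script below is an added example, not the author's code or part of LAPS itself; it assumes the RSAT ActiveDirectory module, the Windows LAPS PowerShell module for the last step, an account allowed to read the expiration attributes, and an OU distinguished name that is only a placeholder.

```powershell
# Added example (not from the post): audit LAPS coverage across enabled domain computers.
# Assumes RSAT ActiveDirectory module; the final step needs the Windows LAPS module.
Import-Module ActiveDirectory

# Windows LAPS stamps msLAPS-PasswordExpirationTime; legacy LAPS stamps
# ms-Mcs-AdmPwdExpirationTime. Both are FILETIME values (100 ns ticks since 1601).
$attrs = 'msLAPS-PasswordExpirationTime', 'ms-Mcs-AdmPwdExpirationTime', 'OperatingSystem'
$now   = [DateTime]::UtcNow

function Get-LapsCoverage {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $attrs
    foreach ($c in $computers) {
        $newExp = $c.'msLAPS-PasswordExpirationTime'
        $oldExp = $c.'ms-Mcs-AdmPwdExpirationTime'
        if     ($newExp) { $mode = 'Windows LAPS'; $exp = [DateTime]::FromFileTimeUtc($newExp) }
        elseif ($oldExp) { $mode = 'Legacy LAPS';  $exp = [DateTime]::FromFileTimeUtc($oldExp) }
        else             { $mode = 'None';         $exp = $null }

        [pscustomobject]@{
            Name    = $c.Name
            OS      = $c.OperatingSystem
            Mode    = $mode
            Expires = $exp
            # An expiration in the past means the client has not rotated on schedule:
            # the stored password is still the last one written, possibly long past its age.
            Stale   = ($exp -and $exp -lt $now)
        }
    }
}

$report = Get-LapsCoverage
$report | Group-Object Mode | Select-Object Name, Count

# Share of machines with no LAPS-managed password at all (the "shared password" population).
$uncovered = ($report | Where-Object Mode -eq 'None').Count
'{0:P1} of enabled computers have no LAPS-managed password' -f ($uncovered / [math]::Max($report.Count, 1))

# Machines that are enrolled but whose password should already have rotated.
$report | Where-Object Stale | Format-Table Name, Mode, Expires

# Encryption protects the stored value, but the ACL still decides who may read it:
# list the principals holding that right on an OU (placeholder DN, replace with your own).
Find-LapsADExtendedRights -Identity 'OU=Workstations,DC=example,DC=com'
```

Run it from a domain-joined admin workstation; machines showing Mode = None are the ones still relying on whatever local password was set at build time.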
